Thank you for the quick reply. I beat my head against it again, and
again. Then noticed the clients file. I got it working.
Alan DeKok wrote:
Daniel Durgin wrote:
I have searched the archives and google, and there seems to be lots of
confusion on the subject: Requiring membership to an LDAP group to
authenticate.
No.
Authentication involves checking credentials. Authorization involves
*additional* and *independent* filter rules specifying when and where
people can authenticate.
If you think of checking group membership as authentication, it means
that your conceptual model of how the system works is wrong. Hence
designs of any solution will be wrong, and confusion will be multiplied.
I can't seem to get it to work. Notice the misspelling of the member:
dn: cn=radius_wifi,ou=Groups,dc=fu,dc=bar
cn: min_radius_wifi
objectClass: groupOfNames
objectClass: top
member: cn=tes guest,ou=Guests,dc=fu,dc=bar
The real user, cn=test guest,ou=Guests,dc=fu,dc=bar, is still able to
log in.
So... read the debug output to see why. This is mentioned in so many
places that there is NO excuse for not doing it.
I also fail to understand why people look at the *configuration* to
see how the server is *running*. It's like driving a car while looking
only at a map, and not at the road in front of you. If all goes well,
it might work. But as soon as a pedestrian steps in front of your car,
you fail to see him, and *boom*, bad things happen.
FreeRadius Version: freeradius-1.0.1
Why? That version is *years* old.
It comes with CentOS 5, or one of them Yum Repos. I just needed a
radius server to gateway for my LDAP server.
Alan DeKok
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you for the lesson. I learned a lot.
-Dan
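
The distinction drawn in the thread, as an added example that is not part of the original messages and is not FreeRADIUS code: a credential check and a group-membership rule evaluated as two independent steps, using the group entry posted above. The password, salt, credential store (a stand-in for an LDAP bind) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Group entry as posted in the thread (member DN misspelled: "tes guest").
GROUP_LDIF = """\
dn: cn=radius_wifi,ou=Groups,dc=fu,dc=bar
cn: min_radius_wifi
objectClass: groupOfNames
objectClass: top
member: cn=tes guest,ou=Guests,dc=fu,dc=bar
"""
USER_DN = "cn=test guest,ou=Guests,dc=fu,dc=bar"
SALT = b"constructed-salt"  # constructed value

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed credential store standing in for an LDAP bind.
CREDENTIALS = {USER_DN: _kdf("constructed-pass")}

def norm_dn(dn):
    """Simplified DN match: case-insensitive, ignores spaces around ',' and '='.
    Does not handle escaped commas inside attribute values."""
    return ",".join("=".join(p.strip().lower() for p in rdn.split("=", 1))
                    for rdn in dn.split(","))

def group_members(ldif):
    """Normalized member DNs of a single-entry groupOfNames LDIF."""
    return {norm_dn(line.split(":", 1)[1])
            for line in ldif.splitlines() if line.lower().startswith("member:")}

def authenticate(dn, password):
    """Authentication: are the credentials correct for this DN?"""
    stored = CREDENTIALS.get(dn)
    return stored is not None and hmac.compare_digest(stored, _kdf(password))

def authorize(dn, ldif=GROUP_LDIF):
    """Authorization: an independent rule, here membership in the group."""
    return norm_dn(dn) in group_members(ldif)

def login(dn, password, require_group):
    """The group rule only has an effect when it is actually evaluated."""
    if not authenticate(dn, password):
        return "reject: bad credentials"
    if require_group and not authorize(dn):
        return "reject: not in group"
    return "accept"
```

With `require_group=False` the real user is accepted even though the group lists only the misspelled DN; with `require_group=True` the same request is rejected.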